Air Canada admits 20,000 customers’ data stolen in app breach
Air Canada (ADH2) has admitted that some 20,000 of its customers may have had their personal information, including passport details, “improperly accessed” due to a recent breach in the airline’s mobile app.
In a notice on its website, Air Canada (ADH2) said on August 28, 2018, it detected “unusual login activity” between August 22-24, 2018, and “immediately took action”, locking down all 1.7 million of its users’ accounts as a security precaution.
Although it is not clear how the data breach occurred, the airline has already been criticized for its relatively weak password system. The 1.7 million users have been instructed to reset their passwords according to the updated password guidelines, in order to access the app again.
The company believes that data has been stolen from about 1% or 20,000 of its customers’ accounts. It says it has contacted the potentially affected customers directly by email starting from August 29, 2018, to inform them whether it has been determined that their account had been breached.
We’re confirming Air Canada App users need to reset their passwords. Due to high volumes some customers may be experiencing delays in doing this. Customer information is protected. Thank you for your patience. More information for AC App users is here: https://t.co/rLODRWM77B— Air Canada (@AirCanada) August 29, 2018
The Air Canada (ADH2) mobile app stores basic information, such as the user’s name, email and phone number. Any credit card data is encrypted and and stored in compliance with security standards set by the payment card industry or PCI standards, the company assures.
However, other information, such as Aeroplan number, passport number, gender, birthdate, nationality, passport expiration date, passport country of issuance and country of residence, could have been accessed if users saved them in their account profile.
“Some data, such as names or emails, may have been visible if an unauthorized user was able to gain access to an account,” spokeswoman for the airline, Isabelle Arthur, told Canadian news media Financial Post.
According to the Canadian government, the risk of a third party obtaining a passport in someone else’s name is low if the person still has their passport, proof of citizenship and supporting identity documents.
But the City of London's Action Fraud team told the BBC that the "consequences of having your passport information accessed can be severe", since banks, insurance firms and mobile phone providers request the data to set up accounts, but do not always require to see the physical document.
Air Canada (ADH2) has recommended that its customers "regularly review their financial transactions, be aware of any changes to their credit rating, and contact their financial services provider immediately" if they notice any unusual activity
Business travellers gauge lower flight frequency post-restrictions
Business travellers gauge lower flight frequency after the pandemic restrictions are lifted, survey shows. ...
French lawmakers approve the ban of certain domestic routes
French lawmakers approved the ban of certain domestic routes when there are alternatives by the train in less than 2 hou...
Saudi Authorities amend flight resumption to mid-May
Saudi Arabia international flight travel to resume on March 17, 2021, domestic carriers record increase in flight capaci...